Skip to main content Link Menu Expand (external link) Document Search Copy Copied

sys / net / iptables

Last update:

IPtables network filtering 

#? getting-start iptables
#
#? set iptables logging 
sudo iptables -A INPUT -j LOG --log-prefix DROP-IN

#? reject any TCP rule to not send back TCP RST when scanned
iptables -I INPUT -p tcp --dport <port> -j REJECT --reject-with tcp-reset

#? check iptables logs
sudo iptables -nvL 
sudo tail -f /var/log/kern.log

# iptables count reset 
sudo iptables -A INPUT -j LOG --log-prefix DROPPED-INGRESS-

Saving & persistency 

#? save iptables config
iptables-save > /etc/iptables.rules
cd /etc/rc0.d; ln -s ../iptables.rules K01iptables

#? restore iptables config
iptables-restore

Common policies